The Dominion Post
18 February 2008
A visiting security expert employed by software giant CA in France hopes
big businesses will realise they need to spend more money securing their
computer systems in the wake of Societe Generale's 4.9-billion euro
rogue trading scandal.
Matthew Gardiner, who was in Wellington last week, says it would be sad
if business leaders concluded instead that they were throwing money into
a bottomless pit.
Mr Gardiner, an American who lives 20 miles from rogue trader Jerome
Kerviel's home in Brittany, has been following the case to see what
lessons can be learned for clients.
The Daily Telegraph reported that SocGen employed 2000 people in its
compliance department who should have been able to quickly spot any
irregular trading by using an automatic computerised warning system.
Full details have yet to emerge about how Kerviel circumvented the
bank's systems. The newspaper reported that Kerviel was a "computer
whiz" who knew how to turn off the bank's warning systems.
The bank was not a major CA client but was not regarded as a soft
target, Mr Gardiner says.
He says a contributing factor may have been that Kerviel had worked in
the bank's back office and in compliance before becoming a trader.
A common flaw in company security systems is that IT staff and other
"privileged users" are given too much access to systems to make it
easier for them do their jobs, he says. "One per cent of the time it is
Mr Gardiner hopes for a "rational response" from business leaders. IT
security experts employed by businesses know "99 per cent of the time"
what needs to be done to better secure their businesses, but are often
constrained by budgets.
If anything good comes out of the SocGen scandal it is that business
managers will "go to them and have a talk", he says.
"IT needs money to invest in people, processes and technology, and the
other side doesn't know why they need it and whether it is justified.
Major businesses are based 100 per cent on IT. The clock is not going to
Subscribe to InfoSec News